Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws

Information

Microsoft is one of the world’s leading technology companies, founded in 1975 by Bill Gates and Paul Allen. It is best known for developing the Windows operating system, which powers most personal computers around the world.

Incident

On July 8, 2025, Microsoft released its monthly Patch Tuesday update, addressing a total of 137 security vulnerabilities. Among them is one zero-day vulnerability in Microsoft SQL Server, which had been publicly disclosed before a fix was available (Microsoft did not report in-the-wild exploitation), alongside 14 flaws rated Critical across various Microsoft products.

Of the 14 Critical vulnerabilities, 10 are Remote Code Execution (RCE) flaws that could allow an attacker to run arbitrary code on the target, one is an Information Disclosure flaw, and two are AMD side-channel attack vulnerabilities.

By category, the vulnerabilities addressed in this update include 53 Elevation of Privilege, 8 Security Feature Bypass, 41 Remote Code Execution, 18 Information Disclosure, 6 Denial of Service, and 4 Spoofing vulnerabilities.

The zero-day addressed in this update is CVE-2025-49719, a Microsoft SQL Server Information Disclosure vulnerability. It stems from improper input validation within SQL Server, allowing an unauthenticated attacker to read data from uninitialized memory over the network. Microsoft credited Vladimir Aleksic for discovering the vulnerability but did not disclose how it became public.

Several other notable Critical vulnerabilities were also addressed, including multiple Remote Code Execution flaws in Microsoft Office. These can be exploited simply by opening a specially crafted document, or even by rendering it in the Preview Pane, so the user does not have to enable macros or follow a link. Microsoft noted that updates for Microsoft Office LTSC for Mac 2021 and 2024 were not yet available and would be released soon.

Another significant Critical vulnerability is CVE-2025-49704, a remote code execution flaw in Microsoft SharePoint Server that can be exploited over the network. The attacker only needs an authenticated user account on the SharePoint site to carry out the attack, so a single phished or low-privileged account is enough. Microsoft has since reported in-the-wild exploitation of this flaw against on-premises SharePoint servers, so it should be treated as a priority patch.

Recommendation

For CVE-2025-49719, Microsoft's guidance is to install both the latest SQL Server update and Microsoft OLE DB Driver 18 or 19; updating only the server or only the client driver does not complete the mitigation. In addition to Microsoft, other vendors have also released security updates over the past few weeks to address vulnerabilities, and users are advised to apply those patches as well.
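As an added example (not part of the original article or of any Microsoft tooling), the following PowerShell snippet inventories the SQL Server instances and Microsoft OLE DB drivers installed on a Windows host so an administrator can verify both halves of the CVE-2025-49719 mitigation. It reads the standard SQL Server setup registry keys (Instance Names\SQL and each instance's Setup key) and the Windows installed-programs (Uninstall) keys. The fixed build numbers are not listed on this page, so the reported PatchLevel must be compared against Microsoft's advisory by hand; the script itself only reports what is installed.

```powershell
# Added example: verify the CVE-2025-49719 mitigation on a SQL Server host.
# Run in an elevated PowerShell session on the machine hosting SQL Server.

$sqlRoot = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'

# 1. Enumerate installed database engine instances and their patch level.
#    "Instance Names\SQL" maps each instance name to its instance ID,
#    and "<InstanceID>\Setup" holds the RTM Version and current PatchLevel.
$instances = Get-ItemProperty -Path "$sqlRoot\Instance Names\SQL" -ErrorAction SilentlyContinue
if (-not $instances) {
    Write-Warning 'No SQL Server database engine instances found in the registry.'
} else {
    $instances.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |          # drop PSPath, PSDrive, etc.
        ForEach-Object {
            $setup = Get-ItemProperty -Path "$sqlRoot\$($_.Value)\Setup" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Instance   = $_.Name
                InstanceId = $_.Value
                Edition    = $setup.Edition
                Version    = $setup.Version      # RTM build
                PatchLevel = $setup.PatchLevel   # build after CU/GDR; compare with the fixed build in Microsoft's advisory
            }
        } | Format-Table -AutoSize
}

# 2. Look for Microsoft OLE DB Driver 18 or 19 for SQL Server in the
#    installed-programs registry (both 64-bit and WOW6432Node views).
#    Driver 18 is registered as "Microsoft OLE DB Driver for SQL Server",
#    driver 19 as "Microsoft OLE DB Driver 19 for SQL Server"; the wildcard covers both.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$oledb = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Microsoft OLE DB Driver*for SQL Server' } |
    Select-Object DisplayName, DisplayVersion

if ($oledb) {
    $oledb | Format-Table -AutoSize
} else {
    Write-Warning 'Microsoft OLE DB Driver 18/19 for SQL Server is not installed; install it to complete the CVE-2025-49719 mitigation.'
}
```

Run it on every SQL Server host rather than on a management workstation: the OLE DB driver check is per machine, and an instance whose PatchLevel still equals its Version has never received a cumulative update at all.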

The important thing is security. Stay vigilant and keep monitoring your systems as usual.
For more information, please contact:
Email: sales@inetms.co.th
065 149 2822 (Ms.Suphatson )
063 204 4534 (Ms.Atsamaphorn)
065 929 6330 (Ms.Kansinee)
0613879439 (Ms.Sirilak)
0922576902 (Ms.Narusorn)

Weekly Interesting CVE | EN

Columns: No. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS Severity Rating | Detail | Solution | Reference (dates are dd/mm/yyyy)

1. CVE-2025-6555
   Published: 24/06/2025 | Last update: 02/07/2025
   Target: Google Chrome prior to ver. 138.0.7204.49
   Attack type: Use after free
   CVSS: 5.4
   Detail: Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
   Solution: Upgrade to ver. 138.0.7204.49
   Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-6555

2. CVE-2025-49713
   Published: 02/07/2025 | Last update: 03/07/2025
   Target: Microsoft Edge (Chromium-based) prior to ver. 138.0.3351.65
   Attack type: Type confusion
   CVSS: 8.8
   Detail: Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
   Solution: Upgrade to ver. 138.0.3351.65
   Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-49713

3. CVE-2025-36630
   Published: 01/07/2025 | Last update: 03/07/2025
   Target: Tenable Nessus prior to ver. 10.8.5 (Windows hosts)
   Attack type: Improper privilege management
   CVSS: 8.4
   Detail: In Tenable Nessus versions prior to 10.8.5 on a Windows host, a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
   Solution: Upgrade to ver. 10.8.5
   Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-36630

4. CVE-2025-20310
   Published: 02/07/2025 | Last update: 03/07/2025
   Target: Cisco Enterprise Chat and Email (ECE) versions 11.6(1)_ES3, 11.6(1)_ES4, 12.0(1)_ES6
   Attack type: Cross-site scripting
   CVSS: 6.1
   Detail: A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.
   Solution: Upgrade to ver. 15.0(1)
   Reference: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc

5. CVE-2025-34089
   Published: 02/07/2025 | Last update: 03/07/2025
   Target: Aexol Studio Remote for Mac, versions 2025.7 and earlier
   Attack type: Missing authentication
   CVSS: 9.3
   Detail: An unauthenticated remote code execution vulnerability exists in Remote for Mac. When the application is configured with authentication disabled, the /api/executeScript endpoint is exposed without access control. This allows unauthenticated remote attackers to inject arbitrary AppleScript payloads via the X-Script HTTP header, resulting in code execution using do shell script. Successful exploitation grants attackers the ability to run arbitrary commands on the macOS host with the privileges of the Remote for Mac background process.
   Solution: No vendor fix known at the time of writing. The vulnerable condition is the application running with authentication disabled, so enable authentication and restrict network access to the host until a fix is available.
   Reference: https://vulncheck.com/advisories/remote-for-mac-rce

Malware News or Campaign IOC/IOA | EN

Columns: No. | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation (dates are dd/mm/yyyy)

1. Ransomware Attack on DHL Thailand
   Detection date: 06/07/2025
   Attack type: Information stealer followed by ransomware
   Description: In early June 2025, DHL Thailand was hit by a ransomware attack attributed to the DEVMAN group. The intrusion began with the RedLine and Raccoon Stealer malware, used to harvest user account credentials, after which the attackers moved into the internal network, encrypted files, and demanded a ransom. The attack temporarily disrupted DHL's operations and raised cybersecurity awareness among Thai organizations, especially in the logistics sector, which began investing more in defenses such as EDR, SIEM, and rigorous third-party monitoring.
   Mitigation/Remediation:
   • Regularly update software and operating systems
   • Regularly back up data and store the backups outside the primary system
   • Train and educate employees about cyber threats
   Ref: https://www.ainvest.com/news/ransomware-attack-dhl-thailand-sparks-surge-cybersecurity-demand-2506/

22 July 2025
